<?php

// Include config file
include_once('./common.php');

// Connect to database
$link = dbConnect();

// Attempt to auth user with database
if(isset($_POST['autoLogin']) && $_POST['autoLogin'] == "true"){
	$password = mysql_real_escape_string($_POST['password']);
}else{
	$password = handlePassword($_POST['password']);
}
$user = auth($_POST['username'], $password);

if($user == ""){
    $output = "loginResult=bad";
}else{	
	$output = "loginResult=good&username=".$user['username']."&password=".$password."&userID=".$user['id'];
	$output .= privateMessages($user['id'], $_POST['privateMessageLimit']);
	
	//check if they are a global admin
	$output .= "&admin=".checkAdminPermissions($user['id']);
	
	//if we've got a forumID coming down that means we are logging in past the category view
	if(isset($_POST['forumID'])){
		//get the user's forum permissions and fire them back to flash
		$guestGroupID = mysql_real_escape_string($_POST['guestGroupID']);
		$forumID = mysql_real_escape_string($_POST['forumID']);
		$perms = checkForumPermissions($forumID, $user['id'], $guestGroupID);
		
		//if they don't have permission (which they should to be able to login)
		if(!$perms){
			echo "output=permissionError";
			mysql_close($link);
			return;
		}
		
		//send the perms off to flash
		$output .= $perms;
	}
}

// Output all in one go
echo $output;

// Close link to database server
mysql_close($link);
?>